On Thu, 16 Nov 2006 14:48:25 -0600 El Camino <[EMAIL PROTECTED]> wrote:
>This isn't AVERT's first published vuln. Most security professionals
>do list some certs and sigs.
>
>Don't take it out on him if you got kicked out of school or can't pass
>the A+ exam.
>
>
>On 11/16/06, Cyrus Grissom <[EMAIL PROTECTED]> wrote:
>> interesting....i didn't know that avert was in the business of
>> publishing vulns...don't recall seeing any others? first time? i
>> don't remember seeing it in my 'McAfee Avert Labs Threat News' email
>> alert? would have been nice...
>>
>> and what the hell is this, "Dave Marcus, B.A., CCNA, MCSE"? are
>> you letting everyone know that you have a bachelor's of arts
>> degree? a "Security Research and Communications Manager" who
>> advertises that he has a ba, a ccna and a mcse...you're such a
>> schmuck....how about a high school diploma, do you want to let us
>> know about that too? go play with your blog or something......
>>
>> -c
>>
>> On Thu, 16 Nov 2006 11:25:38 -0500 [EMAIL PROTECTED] wrote:
>> >McAfee, Inc.
>> >McAfee(r) Avert(r) Labs Security Advisory
>> >Public Release Date: 2006-11-16
>> >
>> >Vulnerabilities in Client Service for NetWare
>> >
>> >CVE-2006-4688, CVE-2006-4689
>> >___________________________________________________________________
>> >
>> >* Synopsis
>> >
>> >The Client Service for NetWare (CSNW) allows a Windows client to
>> >access NetWare file, print, and directory services.
>> >
>> >Successful exploitation could lead to execution of arbitrary code
>> >or cause the affected system to stop responding.
>> >___________________________________________________________________
>> >
>> >* Vulnerable System or Application
>> >
>> >Microsoft Windows 2000 Service Pack 4
>> >Microsoft Windows XP Service Pack 2
>> >Microsoft Windows Server 2003 and Microsoft Windows Server 2003
>> >Service Pack 1
>> >
>> >___________________________________________________________________
>> >
>> >* Vulnerability Information
>> >
>> >CVE-2006-4688
>> >
>> >A boundary error in Client Service for NetWare (CSNW) can be
>> >exploited to cause a buffer overflow via a specially crafted
>> >network message sent to the system. Successful exploitation allows
>> >execution of arbitrary code and an attacker could remotely take
>> >complete control of the affected system.
>> >
>> >CVE-2006-4689
>> >
>> >A denial of service vulnerability exists in Client Service for
>> >NetWare (CSNW) that could allow an attacker to send a specially
>> >crafted network message to an affected system running the Client
>> >Service for NetWare service. An attacker could cause the system to
>> >stop responding and automatically restart thus causing the affected
>> >system to stop accepting requests.
>> >___________________________________________________________________
>> >
>> >* Resolution
>> >
>> >Microsoft has included fixes for the Client Service for NetWare
>> >(CSNW) issues in the November 2006 Security Bulletin MS06-066 for
>> >affected Windows platforms.
>> >___________________________________________________________________
>> >
>> >* Credits
>> >
>> >These vulnerabilities were discovered by Sam Arun Raj of McAfee
>> >Avert Labs.
>> >
>> >___________________________________________________________________
>> >
>> >* Legal Notice
>> >
>> >Copyright (C) 2006 McAfee, Inc.
>> >The information contained within this advisory is provided for the
>> >convenience of McAfee's customers, and may be redistributed
>> >provided that no fee is charged for distribution and that the
>> >advisory is not modified in any way. McAfee makes no
>> >representations or warranties regarding the accuracy of the
>> >information referenced in this document, or the suitability of that
>> >information for your purposes.
>> >
>> >McAfee, Inc. and McAfee Avert Labs are registered Trademarks of
>> >McAfee, Inc. and/or its affiliated companies in the United States
>> >and/or other Countries. All other registered and unregistered
>> >trademarks in this document are the sole property of their
>> >respective owners.
>> >
>> >
>> >Best regards,
>> >
>> >Dave Marcus, B.A., CCNA, MCSE
>> >Security Research and Communications Manager
>> >McAfee(r) Avert(r) Labs
>> >(443) 321-3771 Office
>> >(443) 668-0048 Mobile
>> >McAfee Threat Center
>> ><http://www.mcafee.com/us/threat_center/default.asp>
>> >McAfee Avert Labs Research Blog
>> ><http://www.avertlabs.com/research/blog>
>> >
>> >
>> >
>> >_______________________________________________
>> >Full-Disclosure - We believe in it.
>> >Charter: http://lists.grok.org.uk/full-disclosure-charter.html
>> >Hosted and sponsored by Secunia - http://secunia.com/

Please take disagreements, flames, and arguments off the list if possible.
